Forums
Main Category
General (Technical,...
Network Instruments...
 
Notifications
Clear all

Network Instruments Observer 15

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by one234 13 years ago
4 Posts
3 Users
0 Reactions
521 Views
RSS
one234
 one234
(@one234)
Active Member
Joined: 13 years ago
Posts: 16
Topic starter 09/04/2012 5:33 pm  

Hello all,

I'm an Msc Computer Forensics student working on a coursework on NFAT (network forensics analysis tools) assessment and its forensic artefact recoverability. The tool im assigned with is this one called "Observer 15" by Network Instruments.

At the moment im using the function "Reconstruct steams" under TCP events to reassemble the pcap streams into files that im looking for. However, it seems that this tool is pretty comprehensive yet basic that a lot of the files under certain protocols are not recoverable. e.g. pdf, png, ppt, tiff etc files transferred through FTP and POP3; also pcaps of audio / video / file transferred through MSN messenger cannot be reconstructed. I find this surprising but at the same time I hope it's only because of my lack of experience with the tool.

I'm wondering if those of you who had a go at this tool had the same problem too? if not, what did you do resolve this?

What other good things and flaws have you encountered through using this tool?

Thank you very much!


   
Quote
 SteveBrownNI
(@stevebrownni)
New Member
Joined: 13 years ago
Posts: 1
10/04/2012 4:53 am  

Hi Newbie,

Excited that you are digging into the capabilities of Observer 15. You have made a good point below. I work with Network Instruments and would be happy to set up a quick discussion on Observer 15 and its forensics research capabilities. We could also address any other questions you may have. Let me know if this is something you can do within the scope of the project you are working on.

Regards,

Steve Brown
952-358-3820
sbrown at networkinstruments dot com


   
ReplyQuote
 BitHead
(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
10/04/2012 5:05 am  

Steve,
FYI - Newbie is one234's status (just as you are a Newbie).

That said, I hope you can post the results of your discussion with one234. I am sure none of us are looking for a sales pitch, but finding tools that can help us in our work is always a good thing.

Welcome.


   
ReplyQuote
one234
 one234
(@one234)
Active Member
Joined: 13 years ago
Posts: 16
Topic starter 10/04/2012 10:58 pm  

Hi Steve,
Thank you for your offer ) but since this not quite a project (as big in size) but a coursework for one of my modules, im not sure if it's still okay for you to provide an explanation of the tool for me? i'd reli appreciate it though.

and thanks BitHead, im a Newbie indeed! this is my very first post here! )


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: